White hat hacker rescues $7,500 of stolen Ethereum

A victim of a sophisticated crypto phishing scam has had their stolen crypto returned after a white hat hacker recovered over $16,000 worth of stolen Ether and Decentr (DEC).

The hacker intercepted the funds after managing to penetrate the database of a crypto phishing scam. And unlike some 350 people that fell victim to the recent Twitter hack and Bitcoin scam, this time, the funds were reunited with their owner. And it’s not the first time he has helped people to avoid crypto scams either.

5 key things we learned from the Twitter hack

Earlier this month, Harry Denley, director of security at blockchain analytics firm, MyCrypto, stumbled across a particularly sophisticated variant of a phishing scam. The method lulls victims in with phony user interfaces (UI) that imitate popular decentralized finance  (DeFi) protocols—in this instance, Uniswap, an ETH-based token exchange, explains Denley in a blog post.

What is Uniswap?

Once hooked, the scam prompts victims into revealing a host of information they really shouldn’t divulge, including private keys, a secret alphanumeric password that provides access to stashed crypto funds. The bogus UI then redirects victims to the actual protocol—in an apparent effort to avoid suspicion.

⚠️ We are seeing this becoming more frequent – web3 phishing is asking users for raw secrets by imitating @metamask_io popups (MetaMask won’t ask for your key like this)#cryptocurrency #security
cc: @BalancerLabs

— harrydenley.eth ◊ (@sniko_) July 9, 2020

Fortunately for one victim, Denley was on hand to foil the fraudster’s plans. And favorably for Denley, the scammer’s database security was lax, allowing him to receive the phished details and eventually recover the funds.

Further analysis of the database revealed other malicious UI’s masquerading as domain names, such as—a web wallet for the privacy coin Monero—as well as a host of other Uniswap directories.

Google Chrome Store was told about fake Bitcoin apps before $113,000 theft

Tracing the victim’s funds back to a address, Denley reached out to a contact within the exchange, confirmed the victim, and transferred the funds back to their rightful owner.

Denley is no stranger to tackling crypto fraudsters. In May, he flagged eight phishing scams masquerading as legitimate crypto wallets on the Google Chrome store. Despite Denley’s best efforts, Bitcoin podcast host Eric Savic fell foul of one of the scams, losing his entire crypto fortune. Not even Denley could recover it now.



Show More

Leave a Reply

Your email address will not be published.